{{- if or (hasKey .Values.certManager "cloudflareGlobalAPIKey") (hasKey .Values.certManager "cloudflareAPIToken") }}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: cloudflare
  namespace: d8-cert-manager
  {{- include "helm_lib_module_labels" (list . (dict "app" "cert-manager")) | nindent 2 }}
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    {{- if and (hasKey .Values.certManager "cloudflareEmail") (.Values.certManager.cloudflareEmail) }}
    email: "{{ .Values.certManager.cloudflareEmail }}"
    {{- else }}
      {{ cat "No key cloudflareEmail in deckhouse configmap" .Values.certManager.cloudflareEmail | fail }}
    {{- end }}
    privateKeySecretRef:
      name: cloudflare-tls-key
    solvers:
    - dns01:
        cloudflare:
          email: "{{ .Values.certManager.cloudflareEmail }}"
          {{- if and (hasKey .Values.certManager "cloudflareAPIToken") (.Values.certManager.cloudflareAPIToken) }}
          apiTokenSecretRef:
            name: cloudflare
            key: api-token
          {{- else if and (hasKey .Values.certManager "cloudflareGlobalAPIKey") (.Values.certManager.cloudflareGlobalAPIKey) }}
          apiKeySecretRef:
            name: cloudflare
            key: global-api-key
          {{- end }}
{{- end }}
